{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24069", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2026-01-21T11:29:19.854Z", "datePublished": "2026-04-14T11:26:55.274Z", "dateUpdated": "2026-04-14T18:24:36.801Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-04-14T11:26:55.274Z"}, "title": "Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "affected": [{"vendor": "Kiuwan", "product": "SAST", "versions": [{"status": "affected", "version": "<2.8.2509.4"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p></p><div></div><p></p><div><div><p>Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.</p></div><div></div><div><div></div></div></div>"}]}], "references": [{"url": "https://r.sec-consult.com/kiuwanlock", "tags": ["third-party-advisory"]}], "solutions": [{"lang": "en", "value": "The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.</p>"}]}], "credits": [{"lang": "en", "value": "Bernhard Gr\u00fcndling, SEC Consult Vulnerability Lab", "type": "finder"}, {"lang": "en", "value": "Fabian W\u00fcrfl, SEC Consult Vulnerability Lab", "type": "analyst"}, {"lang": "en", "value": "Johannes Greil, SEC Consult Vulnerability Lab", "type": "analyst"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:45:46.760607Z", "id": "CVE-2026-24069", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:45:49.812Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-14T18:24:36.801Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-14T18:24:36.801Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24069", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:45:46.760607Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:45:43.638Z"}}], "cna": {"title": "Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Bernhard Gr\u00fcndling, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "analyst", "value": "Fabian W\u00fcrfl, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "analyst", "value": "Johannes Greil, SEC Consult Vulnerability Lab"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "affected": [{"vendor": "Kiuwan", "product": "SAST", "versions": [{"status": "affected", "version": "<2.8.2509.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "value": "<p>The issue was fixed for Kiuwan Cloud on 29 July 2025. For Kiuwan SAST on-premise (KOP), the issue is fixed in version 2.8.2509.4.</p>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/kiuwanlock", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.", "supportingMedia": [{"type": "text/html", "value": "<p></p><div></div><p></p><div><div><p>Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.</p></div><div></div><div><div></div></div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-04-14T11:26:55.274Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24069", "state": "PUBLISHED", "dateUpdated": "2026-04-14T18:24:36.801Z", "dateReserved": "2026-01-21T11:29:19.854Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2026-04-14T11:26:55.274Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4."}], "id": "CVE-2026-24069", "lastModified": "2026-04-17T15:24:57.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T12:16:20.247", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/kiuwanlock"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2026/Apr/5"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.8.2509.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SAST", "source": "cna", "vendor": "Kiuwan"}, "product": "sast", "vendor": "kiuwan"}], "analysis": {"en": {"generated_at": "2026-04-14T17:53:46.742913+00:00", "value": {"mitigation_remediation": ["Ensure your Kiuwan Cloud deployment is upgraded to a version released after 29 July 2025", "Upgrade Kiuwan SAST on\u2011premise to version 2.8.2509.4 or later", "Verify that disabled accounts can no longer authenticate through SSO after the upgrade", "If an upgrade cannot be performed immediately, temporarily disable or reconfigure SSO for disabled accounts until the fix is applied", "Monitor authentication logs for any SSO logins originating from disabled accounts and investigate anomalous activity"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Access via SSO for Disabled Accounts"}, "threat_synthesis": {"affected_systems": "The flaw affects Kiuwan Cloud and the on\u2011premises Kiuwan SAST on\u2011premise (KOP) platform. For Kiuwan Cloud the security issue was resolved with the release dated 29 July 2025; for the on\u2011premise product, the fix is included in version 2.8.2509.4 and later. Any deployment running a version prior to the respective fixes is vulnerable.", "description_and_impact": "Kiuwan SAST allows SSO logins for accounts that have been locally disabled, meaning any user marked as disabled in the user directory can still authenticate through the WebUI SSO flow and access the application. This flaw falls under Authentication Failure (CWE-863) and can lead to unauthorized use of the system by accounts that administrators have explicitly disabled, potentially exposing sensitive project data or settings. The vulnerability does not grant elevated privileges beyond what the account normally holds, but it bypasses an explicit security boundary established by disabling the account.", "risk_and_exploitability": "The CVSS base score of 5.4 marks it as a moderate severity issue, and the EPSS score of less than 1% indicates low exploitation probability. It is not listed in the CISA KEV catalog. The likely attack vector is remote, via the SSO authentication service: an attacker or malicious user with knowledge of a disabled account\u2019s credentials can log in through the SSO flow and evade typical access controls. Because the flaw directly undermines account status enforcement, rapid remediation is advisable to prevent unauthorized access."}}}}, "created": "2026-04-14T16:15:37.135905+00:00", "updated": "2026-04-15T15:30:06.830627+00:00", "vendors": ["kiuwan", "kiuwan$PRODUCT$sast"]}